Hi all,
I have started having a number of spyware issues this past week. Spybot S&D doesn't come up with any problems and nor does my virus checker. I downloaded Malware Sweeper and it picked up some problems, but still nothing seems to be fixed. Here are the problems I have been having. If you would like more information, please let me know, and thanks very much for your help!

Problems:

1. Several times a day my virus checker automatically catches and deletes a virus as I'm surfing the net. It's usually identified as Trojan:W32/Dursg.D or as TrojanW32/Agent.DJIS. As soon as this happens, a dialogue box pops up saying that "windows defender" is ready to install an update. I click cancel and then the User Account Control box comes up saying windows needs permission to continue (mentioning a Rundll file), I click cancel and it seems to be gone until another virus gets picked up by the checker a few hours later.

2. PersistWndName - this application just started running in the corner of my screen. I have no idea what it is or how it got there. I've just seen it once while problem #1 has been occurring for several days.

3. Google redirects - lots of times when I click on links from Google searches I get random fake shopping sites. This has been occurring for several days.

4. Every time I start the computer, there is a "procedure entry point" error regarding PowerReadACvalue and something about a Powrprofdll file.

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:

Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.

Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.

Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!

If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together.
Because of this, you must reply within three days; failure to reply will result in the topic being closed!

Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

Now click the Scan button. If you see a rootkit warning window, click OK.

When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.

Click the Copy button and paste the results into your next reply.

Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Error - 23/05/2010 1:52:36 PM | Computer Name = Ross-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Twice now when I have started my computer, windows fails to load leaving me with only a blank screen. An error message stating that Windows Explorer failed to load appears. I booted up in Safe Mode and did a system restore to a few days ago and was able to start the computer normally. The scans were not completed in Safe Mode.

The other problems persist, although I have not seen PersistWndName again since the first time it appeared.

Disable SpyBot TeaTimer

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.

If prompted with a legal dialog, accept the warning.

Click and then on "Advanced Mode"

You may be presented with a warning dialog. If so, press

Click on

Click on

Uncheck this checkbox:

Close/Exit Spybot Search and Destroy

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the textbox. Do not include the word "Code"

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the C:\ComboFix.txt for further review.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the OTL fix.
3. The log that is produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The logs that were produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

I have just completed the first step, the ComboFix script... the computer restarted and gave me the log file (which I have pasted below); however, whenever I click on any application, it will not open and gives me an error that reads "Illegal operation attempted on a registry key that has been marked for deletion". The only way I can run applications is by right clicking and selecting 'run as administrator.' Double clicking brings that error message.
